Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trying to build a license utilization report based on licenses used vs. the number of licenses purchased.

mangelastro
Observer
‎02-17-2018 03:34 PM

We need a license usage report based on data in a log file. I built a search that extracts the following data,

_time as date in %Y-%m-%d format, 2018-01-05 (January 5th 2018)
The next field is License, which can be a value of “Rational Quality Manager”
Next field is “Jazzrole” such as “Analyst” or “Quality Professional”
Next field is Tokens which is either “OUT” or “IN” since license tokens can be checked out and checked back in
Then “TokensInOut” is the number of tokens “checked out”
I also created a field using stats to sum the # of tokens checked out for a particular license by day called TotalTokensOut

We need to determine by day the number of tokens “checked out” for a particular license such as Rational Quality Manager and
Jazz role “Quality Professional” against the number of license tokens available which is a hard coded number such as 890 or Quality Professional or 1000 for Doors Analyst.

so the table looks like:

alt text
We’d like to build a report that includes LicenseUtilization by date, license type, jazz role, and figure the % utilized for a particular license

alt text

Any ideas how we can build this report to take the sum for each tokens used by date and license and determine the % utilized based on hard coded values such as the ones above? 890 for Quality Professional and 1000 for DOORS Analyst?

I’m very new to Splunk so any help would be appreciated.

Here’s the search info for the report

index=_* OR index=* sourcetype=lmgrd Tokens=*OUT | convert timeformat="%Y-%m-%d" ctime(_time) AS date | convert `num(TokensInOut) | stats sum(TokensInOut) as TotalTokensOut by date, License, Jazzrole`

which displays

Date License JazzRole TotalTokensOut

Thanks!

Tags (1)
Preview file
34 KB
Preview file
45 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-18-2018 10:36 AM

You can do like this

index=_* OR index=* sourcetype=lmgrd Tokens=*OUT | convert timeformat="%Y-%m-%d" ctime(_time) AS date | convert `num(TokensInOut)` | stats sum(TokensInOut) as TotalTokensOut by date, License, Jazzrole
| eval TotalTokens=case(Jazzrole="Quality Professional",890", Jazzrole="Doors Analyst",1000,...other roles)
| eval TokenUtilization=(TotalTokens-TotalTokensOut)*100/TotalTokens

It would be easier if you can put the TotalTokens for a Jazzrole in a lookup table, say Jazzrole_tokens.csv with field Jazzrole and TotalTokens. Once you set it up, you can replace the line 3 of above search (eval TotalTokens) with this

| lookup Jazzrole_tokens.csv Jazzrole OUTPUT TotalTokesn

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-18-2018 10:36 AM

You can do like this

index=_* OR index=* sourcetype=lmgrd Tokens=*OUT | convert timeformat="%Y-%m-%d" ctime(_time) AS date | convert `num(TokensInOut)` | stats sum(TokensInOut) as TotalTokensOut by date, License, Jazzrole
| eval TotalTokens=case(Jazzrole="Quality Professional",890", Jazzrole="Doors Analyst",1000,...other roles)
| eval TokenUtilization=(TotalTokens-TotalTokensOut)*100/TotalTokens

It would be easier if you can put the TotalTokens for a Jazzrole in a lookup table, say Jazzrole_tokens.csv with field Jazzrole and TotalTokens. Once you set it up, you can replace the line 3 of above search (eval TotalTokens) with this

| lookup Jazzrole_tokens.csv Jazzrole OUTPUT TotalTokesn
0 Karma
Reply
Solved! Jump to solution

mangelastro
Observer
‎02-18-2018 01:28 PM

Thanks! that worked great. Had to switch some things around as far as the math but its working great.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...